openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 3650 \
 -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN={{ HARBOR_IP }}" \
 -key ca.key \
 -out ca.crt
openssl genrsa -out {{ HARBOR_IP  }}.key 4096
openssl req -sha512 -new \
    -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN={{ HARBOR_IP }}" \
    -key {{ HARBOR_IP }}.key \
    -out {{ HARBOR_IP }}.csr
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = IP:{{ HARBOR_IP }}
EOF
openssl x509 -req -sha512 -days 3650 \
    -extfile v3.ext \
    -CA ca.crt -CAkey ca.key -CAcreateserial \
    -in {{ HARBOR_IP }}.csr \
    -out {{ HARBOR_IP }}.crt
openssl x509 -inform PEM -in {{ HARBOR_IP }}.crt -out {{ HARBOR_IP }}.cert

